Windows
Analysis Report
Markelcorp Pay-Application Completed November 29, 2022_48707712230774110046.html
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 6832 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t C:\Users \user\Desk top\Markel corp Pay-A pplication Completed November 29, 2022_4 8707712230 774110046. html MD5: 7BC7B4AEDC055BB02BCB52710132E9E1) - chrome.exe (PID: 7036 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2036 --fi eld-trial- handle=174 8,i,320652 4124022006 366,844139 3421957404 145,131072 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionTarget Prediction /prefetch :8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_obfuscated_JS_obfuscatorio | Detects JS obfuscation done by the js obfuscator (often malicious) | @imp0rtp3 |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_obfuscated_JS_obfuscatorio | Detects JS obfuscation done by the js obfuscator (often malicious) | @imp0rtp3 |
| |
JoeSecurity_HtmlPhish_45 | Yara detected HtmlPhish_45 | Joe Security |
Click to jump to signature section
Phishing |
---|
Source: | File source: |
Source: | Directory created: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | JA3 fingerprint: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | File created: | Jump to behavior |
Source: | Window detected: |
Source: | Directory created: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false |
| unknown |
accounts.google.com | 142.250.186.45 | true | false | high | |
cdnjs.cloudflare.com | 104.17.24.14 | true | false | high | |
part-0017.t-0009.fbs1-t-msedge.net | 13.107.219.45 | true | false |
| unknown |
www.google.com | 142.250.181.228 | true | false | high | |
clients.l.google.com | 142.250.186.110 | true | false | high | |
cs1025.wpc.upsiloncdn.net | 152.199.23.72 | true | false |
| unknown |
dreams15.co | 192.185.196.50 | true | false | unknown | |
aadcdn.msauthimages.net | unknown | unknown | false |
| unknown |
clients2.google.com | unknown | unknown | false | high | |
code.jquery.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | low | ||
false |
| unknown | |
false | high | ||
false | high | ||
false | high | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.186.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false | |
104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false | |
152.199.23.72 | cs1025.wpc.upsiloncdn.net | United States | 15133 | EDGECASTUS | false | |
13.107.246.45 | part-0017.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false | |
192.185.196.50 | dreams15.co | United States | 46606 | UNIFIEDLAYER-AS-1US | false | |
142.250.186.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.2 |
192.168.2.1 |
127.0.0.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 756210 |
Start date and time: | 2022-11-29 20:23:50 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | Markelcorp Pay-Application Completed November 29, 2022_48707712230774110046.html |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip) |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal48.phis.winHTML@23/0@12/11 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe
- TCP Packets have been reduced to 100
- Excluded IPs from analysis (whitelisted): 69.16.175.42, 69.16.175.10, 142.250.185.67, 34.104.35.123, 142.250.185.227
- Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, cds.s5x3j6q5.hwcdn.net, fs.microsoft.com, slscr.update.microsoft.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, edgedl.me.gvt1.com, login.live.com, aadcdn.azureedge.net, aadcdn.ec.azureedge.net, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, global-entry-afdthirdparty-fallback.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtWriteVirtualMemory calls found.
File type: | |
Entropy (8bit): | 5.901905953457114 |
TrID: | |
File name: | Markelcorp Pay-Application Completed November 29, 2022_48707712230774110046.html |
File size: | 27424 |
MD5: | d21ad4851c96168de4456dea77044b9c |
SHA1: | bee29bccd77e6848093f899a493f1330442899da |
SHA256: | 989f90793f02c5b623cf3830d184dba364fef0d2c2726d4636fb3b4877cafa39 |
SHA512: | 3a6bf8462a335e0a83ed20aa7840f4c4b891afd95299b08f55b8e878927ad2dce5fb94a6dff0904e0fbcbf70a05ee87c338ffc43e4e062577753617ce5a6a882 |
SSDEEP: | 768:72zsDrtJtatBLtrevto8W+3YNYziUr9Dng6PsyTljhdqk/rmWLT/AhlDfy:724DrtJtatxtrevto8W+7iUJg6PsUrw6 |
TLSH: | 87C23D130A077A775F113B7B0B5B3E0F2405BD9D2AE16984D7168E64E11EB0B09EA23D |
File Content Preview: | <head> </head><body> <div id="loadingScreen" style=""><input class="UOvCe9ucmB4k" type="hidden" id="b64u" value="aHR0cHM6Ly9kcmVhbXMxNS5jby9jc2MvaG9zdDkvMGY3MGUxYS5waHA="></input><div style="display:none;" id="e5zezr5TRTXB" name="V2Y8WIS38Z3i" class="5tAa |
Icon Hash: | 78d0a8cccc88c460 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 29, 2022 20:24:19.603596926 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:19.603663921 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:19.603761911 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:19.606369972 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:19.606403112 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:19.618220091 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:19.618302107 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:19.618407965 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:19.618762016 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:19.618792057 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:19.714555025 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:19.715059042 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:19.715111971 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:19.716875076 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:19.716993093 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:19.721939087 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:19.744334936 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:19.744398117 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:19.745439053 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:19.745567083 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:19.746886969 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:19.746975899 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:20.022597075 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:20.022658110 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:20.022981882 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:20.024271011 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:20.024315119 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:20.025073051 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:20.025147915 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:20.025357008 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:20.025378942 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:20.025429010 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:20.053329945 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:20.053431988 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:20.053474903 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:20.053576946 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:20.053663969 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:20.057389021 CET | 49693 | 443 | 192.168.2.3 | 142.250.186.110 |
Nov 29, 2022 20:24:20.057430983 CET | 443 | 49693 | 142.250.186.110 | 192.168.2.3 |
Nov 29, 2022 20:24:20.065962076 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:20.066020966 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:20.080029011 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:20.080111027 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:20.080159903 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:20.080389023 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:20.080462933 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:20.082889080 CET | 49696 | 443 | 192.168.2.3 | 142.250.186.45 |
Nov 29, 2022 20:24:20.082932949 CET | 443 | 49696 | 142.250.186.45 | 192.168.2.3 |
Nov 29, 2022 20:24:20.506098032 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:20.506182909 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:20.506308079 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:20.506639004 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:20.506669044 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:20.778419018 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:20.788678885 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:20.788736105 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:20.790395975 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:20.790596962 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:20.792845011 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:20.792865992 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:20.793039083 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:20.793091059 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:20.793104887 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:20.833014011 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:20.833054066 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:20.873086929 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.432343006 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.432408094 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.432425022 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.432492971 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.432519913 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.432521105 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.432570934 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.432627916 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.473212004 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.555254936 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.555283070 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.555424929 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.555480003 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.555529118 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.555538893 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.555540085 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.555547953 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.555573940 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.555591106 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.555634022 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.555679083 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.555704117 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.555785894 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.555807114 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.595247984 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.679264069 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.679289103 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.679389000 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.679449081 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.679471970 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.679867029 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.679972887 CET | 49698 | 443 | 192.168.2.3 | 192.185.196.50 |
Nov 29, 2022 20:24:22.679990053 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Nov 29, 2022 20:24:22.680197954 CET | 443 | 49698 | 192.185.196.50 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 29, 2022 20:24:19.556044102 CET | 65186 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:24:19.557481050 CET | 50041 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:24:19.558235884 CET | 63765 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:24:19.575220108 CET | 53 | 50041 | 1.1.1.1 | 192.168.2.3 |
Nov 29, 2022 20:24:19.578953028 CET | 53 | 63765 | 1.1.1.1 | 192.168.2.3 |
Nov 29, 2022 20:24:20.271323919 CET | 49454 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:24:20.501948118 CET | 53 | 49454 | 1.1.1.1 | 192.168.2.3 |
Nov 29, 2022 20:24:23.285932064 CET | 64579 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:24:23.304537058 CET | 53 | 64579 | 1.1.1.1 | 192.168.2.3 |
Nov 29, 2022 20:24:23.311235905 CET | 52348 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:24:23.330245972 CET | 53 | 52348 | 1.1.1.1 | 192.168.2.3 |
Nov 29, 2022 20:24:23.522164106 CET | 52907 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:24:23.539839029 CET | 53 | 52907 | 1.1.1.1 | 192.168.2.3 |
Nov 29, 2022 20:24:24.897500038 CET | 56244 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:24:27.267615080 CET | 58946 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:25:23.342816114 CET | 55220 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:25:23.360928059 CET | 53 | 55220 | 1.1.1.1 | 192.168.2.3 |
Nov 29, 2022 20:25:23.367889881 CET | 57975 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:25:23.386446953 CET | 53 | 57975 | 1.1.1.1 | 192.168.2.3 |
Nov 29, 2022 20:25:29.444670916 CET | 49767 | 53 | 192.168.2.3 | 1.1.1.1 |
Nov 29, 2022 20:25:29.674268007 CET | 53 | 49767 | 1.1.1.1 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 29, 2022 20:24:19.556044102 CET | 192.168.2.3 | 1.1.1.1 | 0x5469 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:24:19.557481050 CET | 192.168.2.3 | 1.1.1.1 | 0xc108 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:24:19.558235884 CET | 192.168.2.3 | 1.1.1.1 | 0x8e35 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:24:20.271323919 CET | 192.168.2.3 | 1.1.1.1 | 0x51c8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:24:23.285932064 CET | 192.168.2.3 | 1.1.1.1 | 0x4b23 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:24:23.311235905 CET | 192.168.2.3 | 1.1.1.1 | 0xaa0d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:24:23.522164106 CET | 192.168.2.3 | 1.1.1.1 | 0xb7d1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:24:24.897500038 CET | 192.168.2.3 | 1.1.1.1 | 0x63d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:24:27.267615080 CET | 192.168.2.3 | 1.1.1.1 | 0x9293 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:25:23.342816114 CET | 192.168.2.3 | 1.1.1.1 | 0x6b47 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:25:23.367889881 CET | 192.168.2.3 | 1.1.1.1 | 0xa4db | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 29, 2022 20:25:29.444670916 CET | 192.168.2.3 | 1.1.1.1 | 0xda0b | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 29, 2022 20:24:19.575120926 CET | 1.1.1.1 | 192.168.2.3 | 0x5469 | No error (0) | cds.s5x3j6q5.hwcdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:19.575220108 CET | 1.1.1.1 | 192.168.2.3 | 0xc108 | No error (0) | 142.250.186.45 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:19.578953028 CET | 1.1.1.1 | 192.168.2.3 | 0x8e35 | No error (0) | clients.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:19.578953028 CET | 1.1.1.1 | 192.168.2.3 | 0x8e35 | No error (0) | 142.250.186.110 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:20.501948118 CET | 1.1.1.1 | 192.168.2.3 | 0x51c8 | No error (0) | 192.185.196.50 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:23.304537058 CET | 1.1.1.1 | 192.168.2.3 | 0x4b23 | No error (0) | 142.250.181.228 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:23.330245972 CET | 1.1.1.1 | 192.168.2.3 | 0xaa0d | No error (0) | 142.250.181.228 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:23.539839029 CET | 1.1.1.1 | 192.168.2.3 | 0xb7d1 | No error (0) | 104.17.24.14 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:23.539839029 CET | 1.1.1.1 | 192.168.2.3 | 0xb7d1 | No error (0) | 104.17.25.14 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:23.601629972 CET | 1.1.1.1 | 192.168.2.3 | 0xc441 | No error (0) | part-0017.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:23.601629972 CET | 1.1.1.1 | 192.168.2.3 | 0xc441 | No error (0) | 13.107.246.45 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:23.601629972 CET | 1.1.1.1 | 192.168.2.3 | 0xc441 | No error (0) | 13.107.213.45 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:24.917996883 CET | 1.1.1.1 | 192.168.2.3 | 0x63d | No error (0) | aadcdn.azureedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:24.917996883 CET | 1.1.1.1 | 192.168.2.3 | 0x63d | No error (0) | 152.199.23.72 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:27.290196896 CET | 1.1.1.1 | 192.168.2.3 | 0x9293 | No error (0) | aadcdn.azureedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:27.290196896 CET | 1.1.1.1 | 192.168.2.3 | 0x9293 | No error (0) | 152.199.23.72 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:27.380778074 CET | 1.1.1.1 | 192.168.2.3 | 0xb0cc | No error (0) | global-entry-afdthirdparty-fallback.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:27.380778074 CET | 1.1.1.1 | 192.168.2.3 | 0xb0cc | No error (0) | part-0017.t-0009.fbs1-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:27.380778074 CET | 1.1.1.1 | 192.168.2.3 | 0xb0cc | No error (0) | 13.107.219.45 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:24:27.380778074 CET | 1.1.1.1 | 192.168.2.3 | 0xb0cc | No error (0) | 13.107.227.45 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:25:23.360928059 CET | 1.1.1.1 | 192.168.2.3 | 0x6b47 | No error (0) | 142.250.185.100 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:25:23.386446953 CET | 1.1.1.1 | 192.168.2.3 | 0xa4db | No error (0) | 142.250.181.228 | A (IP address) | IN (0x0001) | false | ||
Nov 29, 2022 20:25:29.674268007 CET | 1.1.1.1 | 192.168.2.3 | 0xda0b | No error (0) | 192.185.196.50 | A (IP address) | IN (0x0001) | false |
|
Click to jump to process
Target ID: | 0 |
Start time: | 20:24:15 |
Start date: | 29/11/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6566b0000 |
File size: | 2852640 bytes |
MD5 hash: | 7BC7B4AEDC055BB02BCB52710132E9E1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 2 |
Start time: | 20:24:17 |
Start date: | 29/11/2022 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6566b0000 |
File size: | 2852640 bytes |
MD5 hash: | 7BC7B4AEDC055BB02BCB52710132E9E1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |